Dear OpenSSL developers,

I've been developing a private peer-to-peer application based on OpenSSL.
(Thank you to all the developers who have put time into OpenSSL.)

Initially I used X509 certificates for the authentication between
peers. However, I quickly realised that a hierarchical certificate
structure was not ideal, and that a Web of Trust system
would be required.

So I've implemented a web-of-trust style authentication system
inside OpenSSL. It is basically a combination of OpenPGP style
certificates and SSL3/TLS1 connections.

After 6+ months of work, I've finished the first working prototype,
and would like to share it with the OpenSSL developers of the
world (and contribute back). Hence this email!

So:
(1) Is OpenSSL interested in including this work in the
code base (provided it's up to scratch etc.)?
(2) If so, is there anyone who could guide/help me to clean it up
and correctly merge the code?
(3) What are the procedures for doing so? (I'm new around here.)

I haven't put the code on the website yet (soon... there is never
enough time to get everything done), but you can see it at work
in my application, RetroShare, available at http://www.lunamutt.com.

Looking forward to any comments.

Thanks.

Mark.


-----------------------------------------------------------------------------------------------
More information about the implementation follows.

The work was done on openssl-0.9.7g, and consisted of the following
modifications:
(a) define an ASN.1 web-of-trust certificate (an XPGP certificate) and
implement helper functions.
(b) create an XPGP_method() derived from the ssl3 methods.
This effectively uses the XPGP certificate instead of the X509
certificate. (All the rest is the same.)
(c) create a web-of-trust authentication system.

Most of the implementation fits in nicely with the rest of OpenSSL.
The most significant issues are:
(1) The SSL part of OpenSSL does not allow alternative certificate types; I
therefore transformed "CERT" into a union. (I'm all ears for
alternatives.)
(2) The authentication system is currently rather crude and inefficient,
and is not connected to the STOREs in any way. (It probably needs a redesign.)
(3) The certificate definition needs to be checked. (I would like to make
it compatible with GPG/OpenPGP etc.)



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majordomo@openssl.org